Cloudflare has announced that it successfully mitigated the largest distributed denial-of-service (DDoS) attack ever recorded, which peaked at 11.5 terabits per second (Tbps).

Details of the Attack

According to a brief update shared on X, the company confirmed that the assault was a UDP flood that primarily originated from Google Cloud infrastructure. Despite its intensity, the attack lasted for only about 35 seconds.

Over the past several weeks, Cloudflare’s security systems have been operating under heavy load, automatically neutralizing hundreds of hyper-volumetric DDoS attacks. Among these, peaks reached 5.1 billion packets per second (Bpps) and 11.5 Tbps, with the latter marking a new record in scale.

How UDP Floods Work

A UDP flood attack overwhelms a target with a massive volume of User Datagram Protocol (UDP) packets. Since these packets require the recipient to allocate resources to process and respond, the flood quickly exhausts system capacity, leaving the target slow or completely unresponsive.

In this particular case, attackers escalated the packet rate to 5.1 Bpps, amplifying the resource drain and pushing the infrastructure closer to failure.

Historical Context

This new incident overtakes a 7.3 Tbps attack Cloudflare mitigated in May 2025. That earlier DDoS event lasted 45 seconds, generating traffic equivalent to 37.4 terabytes—roughly the same as streaming 9,000 HD movies simultaneously.

Both the May and September incidents were primarily driven by UDP floods, though the May event involved more than 122,000 unique IP addresses as attack sources.

Rising Trend in DDoS Activity

The frequency and intensity of such attacks highlight an escalating trend. Cloudflare reports that during the first half of 2025, it mitigated 27.8 million DDoS attacks, already exceeding the 21.3 million incidents observed in all of 2024 across HTTP and Layer 3/4 vectors.

Key Takeaway

With attackers leveraging massive cloud-based resources to launch hyper-volumetric assaults, the scale of DDoS threats is entering uncharted territory. The 11.5 Tbps event underscores the need for robust, automated, and cloud-scale defense mechanisms to ensure service resilience against record-shattering attacks.

Source: https://www.securityweek.com/cloudflare-blocks-record-11-5-tbps-ddos-attack